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DETAILED ACTION 



Response to Amendment 

1 . Applicant's amendments/arguments with respect to amended claims 1 , 7, and 13 
filed November 8, 2005 have been fully considered (MPEP 714.04; 37 CFR 1 .1 1 1) but 
they are not persuasive. Amendments to the specification have been accepted. 



Response to Arguments 

2. Applicant's arguments with respect to claims 1 , 7, and 13 have been considered 
but are not persuasive. 

With regards to Applicant's argument that Nielsen does not teach "indexing 
password and usernames in a the master password file or vault for any other uses other 
than logging into 'Yemote servers" (col. 6, lines 44-46), and is especially silent as to 
providing an open application interface such that both web browsers and non-browser 
applications alike can access the same password", Examiner respectfully disagrees 

(note column 4, line 1 - a database of passwords and user IDs are maintained at the client computer that 
is searched [same as indexing] by the password management system in response to a challenge from the 
remote sen/en also note column 3, lines 52-63 - the password management system can be implemented 
as an Applet or Hot Java or incorporated into a browser program; an applet is defined as a small program 
that is intended not to be run on its own, but rather to be embedded inside another application [browser or 
non-browser]: in Java programming language it is common practice to define an interface and then 
implement the interface; the interface is usually open but implementation can be proprietary; therefore, it 
is implied that Nielsen's database management system interface is an open interface that could be used 
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by a third party vendor; also note column 4, lines 54-59 - the password management system interacts 
with the remote server on behalf of the client). 

With regards to Applicant's argument that Nielsen does not teach "overlaying the 

master password entry dialog box directly placed over the original password entry box 
so as to block view or direct entry of information into the original password entry box", 
Examiner respectfully disagrees (note column 4, lines 1-11 - the concept of overlaying technique is 
inherent in the reference; the overlaying feature is a particular implementation concept; the overlay 
concept is easily implemented using the system described by the reference; also note column 5, lines 48- 
50 - an overlay mechanism described). 

With regards to Applicant's argument that Nielsen does not teach "providing a 

pop-up which lists a set of user-selectable user-names when more than one user-name 
and password pair is found for the application program which is requesting access to 
the master password wallet", Examiner respectfully disagrees (note column 5, lines 11-30- 
the concept and mechanism for performing the stated function is taught by the reference; for example, the 
checking of the URL implies the checking of associated user ID and password which can be published as 
a pop-up dialog box; the use of the display of dialog box in another context is described; the core 
functionality associated with the stated pop-up menu is inherent in the reference). 

With regards to Applicant's argument that Nielsen does not teach "performing a 
local verification of a directly-entered application-specific password to find a match in 
the locally stored master password, and preventing submission of passwords for which 
no local match is found, thereby preventing submission of invalid passwords to the 
requesting application program or web site, and preventing potential subsequent lock 
out of the application and/or divulgence of the user's alternate favorite passwords to the 
application program or web site". Examiner respectfully disagrees (note Fig. 4 and column 4, 
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lines 42-67- the registration process described includes verification functionality; multiple identical entry 
in the password database will produce a conflict that must be resolved by the password management 
system). 



Claim Rejections - 35 USC § 102 

3. Claims 1-19 are rejected under 35 U.S.C. 102b as being anticipated by Nielsen 
(US Patent #6,182.229). 

As for independent claim 1 , Nielsen teaches a method within a computing 
platform of graphically providing a secure field value retrieval and entry, wherein said 
computing platform includes a display device, a field activation device and a user 
selection device, said method comprising: 

providing to a plurality of application programs an interface to request 
application-specific passwords, said plurality of application programs including at least 
one web browser program, and at least one non-browser program (note column 3, lines 52- 
63 - the password management system can be implemented as an Applet or Hot Java or incorporated 
into a browser program; an applet is defined as a small program that is not intended to be run on its own, 
but rather to be embedded inside another application [browser or non-browser]; in Java programming 
language it is common practice to define an interface and then implement the interface; the interface is 
usually open but implementation can be proprietary; therefore, it is implied that Nielsen's database 
management system interface is an open interface that could be used by a third party vendor; also note 
column 6, lines 15-18) ] 

receiving a request from an application program via said interface for input of an 
application-specific password program (note column 4, lines 3-7 -the password management 
system receives request from remote site running browser or non-browser application)] 



f 
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receiving a computing context indicator regarding at least a position of an original 
entry point for a password as displayed by said requesting application program (note 
column 4, lines 52-59 - the original entry point is described)] 

displaying a user first dialogue to receive a master key value from a user, said 
user dialogue being displayed in a position so as to overlay said original entry point for a 
password as displayed by said requesting application program (note column 4, lines 1-11- 

the concept of overlaying technique is inherent in the reference; the overlaying feature is a particular 
implementation concept; the overlay concept is easily implemented using the system described by the 
reference; also note column 5, lines 48-50 - an overlay mechanism described; also note column 4, lines 
32-37 - user is prompted for master password)] 

determining if said master key value is a correct master key value (note column 4, 
lines 38-44 - the data management system prompts for master password which is then verified by the 
password management system)] 

retrieving a plurality of ((a)) field ((value)) values from a secure field value store 
which ((is)) are associated with said requesting application program, said activated field 
and a user identification (note column 5, lines 11-30 -the concept and mechanism for performing 

the stated function is taught by the reference; for example, the checking of the URL implies the checking 
of associated user ID and password which can be published as a pop-up dialog box; the use of display of 
dialog box in another context is described; the core functionality associated with the stated pop-up menu 
is inherent in the reference)] ((and)) 

displaying to a user a second dialogue to receive a selection by said user from 
said retrieved plurality of field values (note column 5, lines 1 1-30 - the concept and mechanism 
for performing the stated function is described; for example, the checking of the URL implies the checking 
of associated user ID and password which can be published as a separate pop-up dialog box)] and 
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automatically entering said selected field value into said original entry point for 
said requesting application program (note column 4, lines 54-59 - the data management system 
automatically inputs the user ID and password in the requesting fields of requesting application). 

As for claim 2, which is dependent on claim 1 , Nielsen teaches the method as set 
forth in claim 1 wherein said step of displaying a user dialogue comprises receiving a 
user identification value (note column 5, lines 46-49 - user ID and other information inputted in the 
dialog box; also note column 4, lines 53-58 - user identification provided by the password management 
system). 

As for claim 3, which is dependent on claim 1 , Nielsen teaches the method as set 
forth in claim 1 wherein said step of retrieving a field value from a secure field value 
store which correlates to a computing context comprises retrieving a field value which is 
associated with an application program (note column 3, lines 60-61 - the invention could be 
incorporated into a browser program; also note column 6, lines 47-53 - the invention applies to many 
different embodiments). 

As for claim 4, which is dependent on claim 1 , Nielsen teaches the method as set 
forth in claim 1 wherein said step of retrieving a field value from a secure field value 
store which correlates to a computing context comprises retrieving a field value which is 
associated with a web site (note column 3, lines 52-54 - the invention is applicable to a plurality of 
remote servers such as remote web sites; also note FIG. 1B and FIG. 2). 

As for claim 5, which is dependent on claim 1 , Nielsen teaches The method as 
set forth in claim 1 wherein said step of retrieving a field value from a secure field value 
store which correlates to a computing context comprises retrieving a field value which is 
associated with a web form (note column 3, line 55 - an applet may contain a web form; also note 
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column 6, lines 47-53 - the invention applies to many different embodiments; also note column 5, line 2 - 
registration equates to a web form). 

As for claim 6, which is dependent on claim 1 , Nielsen teaches The method as 
set forth in claim 1 wherein said step of automatically entering said retrieved field value 
into said activated field comprises automatically entering a password value (note column 
4, lines 3-8 - the password is automatically entered in the password field and sent to the remote site). 

As for independent claim 7, Nielsen teaches a computer readable medium 
encoded with software for graphically providing a secure field value retrieval and entry, 
wherein said computing platform includes a display device, a field activation device and 
a user selection device, said software causing the computing platform to perform the 
steps of: 

providing to a plurality of application programs an interface to request 
application-specific passwords, said plurality of application programs including at least 
one web browser program, and at least one non-browser program (note column 3, lines 52- 

63 - the password management system can be implemented as an Applet or HotJava or incorporated 
into a browser program; an applet is defined as a small program that is intended not to be run on its own, 
but rather to be embedded inside another application [browser or non-browser]; in Java programming 
language it is common practice to define an interface and then implement the interface; the interface is 
usually open but implementation can be proprietary; therefore, it is implied that Nielsen's database 
management system interface is an open interface that could be used by a third party vendon also note 
column 6, line 15-18)\ 
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receiving a request from an application program via said interface for input of an 
application-specific password (note column 4, lines 3-7 -the password management system 
receives request from remote site running browser or non-browser application)] 

receiving a computing context indicator regarding at least a position of an original 
entry point for a password as displayed by said requesting application program (note 
column 4, lines 52-59 - the original entry point is described)] 

displaying a user dialogue to receive a master key value from a user, said user 
dialogue being displayed in a position so as to overlay said original entry point for a 
password as displayed by said requesting application program (note column 4, lines 

the concept of overlaying technique is inherent in the reference; the overlaying feature is a particular 
implementation concept; the overlay concept is easily implemented using the system described by the 
reference; also note column 5, lines 48-50 - an overlay mechanism described; also note column 4, lines 
32-37 - user is prompted for master password)] 

determining if said master key value is a correct master key value (note column 4, 
lines 38-44 - the data management system prompts for master password which is then verified by the 
password management system)] 

retrieving a field value from a secure field value store which is associated with 
said requesting application program, said activated field and a user identification (note 
column 4, lines 3-1 1 - the data management system retrieves the stored user ID and password for the 
requesting application)] and 

automatically entering said retrieved field value into said original entry point for 
said requesting application program (note column 4, lines and lines 52-59), 
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As for claim 8, which is dependent on claim 7, Nielsen teaches the computer 
readable medium as set forth in claim 7 wherein said software for displaying a user 
dialogue comprises software for receiving a user identification value (note column 3, line 55 
- applet software described; also note column 8, lines 23-24 - software for inputting user ID is described; 
also note column 5, lines 46-49 - user ID and other information inputted in the dialog box; also note 
column 4, lines 53-58 - user identification provided by the password management system). 

As for claim 9, which is dependent on claim 7, Nielsen teaches the computer 
readable medium as set forth in claim 7 wherein said software for retrieving a field value 
from a secure field value store which correlates to a computing context comprises 
software for retrieving a field value which is associated with an application program (note 
column 3, lines 60-61 - the invention may be incorporated into a browser program; also note column 6, 
lines 47-53 - the invention applies to many different embodiments). 

As for claim 10, which is dependent on claim 7, Nielsen teaches the computer 
readable medium as set forth in claim 7 wherein said software for retrieving a field value 
from a secure field value store which correlates to a computing context comprises 
software for retrieving a field value which is associated with a web site (note column 3, line 
58 - HotJava software described; also note column 3, lines 52-54 - the invention is applicable to a plurality 
of remote sen/ers such as remote web sites; also note FIG. 1B and FIG. 2), 

As for claim 1 1 , which is dependent on claim 7, Nielsen teaches the computer 
readable medium as set forth in claim 7 wherein said software for retrieving a field value 
from a secure field value store which correlates to a computing context comprises 
software for retrieving a field value which is associated with a web form (note column 3, line 
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55 - an applet may contain a web form; also note column 6, lines 47-53 - the invention applies to many 
different embodiments; also note column 5, line 2 - registration equates to a web fonv). 

As for claim 12, which is dependent on claim 7, Nielsen teaches the computer 
readable medium as set forth in claim 7 wherein said software for automatically entering 
said retrieved field value into said activated field comprises software for automatically 
entering a password value (note column 3, line 55 - applet software is capable of the functionality; 
also note column 4, lines 3-8 • the password is automatically entered in the password field and sent to the 
remote site). 

As for independent claim 13, Nielsen teaches a system for graphically providing 
a secure field value storage, retrieval and entry within a computing platfomi, wherein 
said computing platform includes a display device, a field activation device, a user 
selection device and a data storage medium, said system comprising: 

an interface accessible by a plurality of application programs to request 
application-specific passwords, said plurality of application programs including at least 
one web browser program, and at least one non-browser program (note column 3, lines 52- 

63 - the password management system can be implemented as an Applet or HotJava or incorporated 
into a browser program; an applet is defined as a small program that is intended not to be run on its own, 
but rather to be embedded inside another application [browser or non-browser]; in Java programming 
language it is common practice to define an interface and then implement the interface; the interface is 
usually open but implementation can be proprietary; therefore, it is implied that Nielsen's database 
management system interface is an open interface that could be used by a third party vendor; also note 
column 6, lines 15-18) ] 

a request received from an application program via said interface for input of an 
application-specific password, including a computing context indicator regarding at least 
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a position of an original entry point for a password as displayed by said requesting 
application program (note column 4, lines 54-59 - the data management system automatically 
inputs the user ID and password in the requesting fields of requesting application) ] 

a secure field value store disposed within said data storage medium (note column 
4,lines1-11)\ 

a user dialogue display on said display device adapted to receive a master key 
value from a user, said user dialogue being displayed in a position so as to overlay said 
original entry point for a password as displayed by said requesting application program 
(note column 4, lines 1-11)] 

a master key value evaluator for determining if ((an)) a master key value entered 
via said user dialogue display is a correct master key value for said secure field value 
store (note column 4, lines 38-44 - the data management system prompts for master password which 
is then verified by the password management system)] 

a field value retriever for finding in and retrieving from said secure field value 
store a field value which is associated with said requesting application program and a 
user identification (note column 4, lines 1-11 and lines 52-59)\ and 

a field value inputter for automatically entering said retrieved field 
value into said original entry point (note column 4, lines 1-1 1 and lines 52-59). 

As for claim 14, which is dependent on claim 13, Nielsen teaches the system as 
set forth in claim 1 3 wherein said user dialogue display is further adapted to receive a 
user identification value, and wherein said field value retriever is further adapted to find 
and retrieve a field value which is associated with a user identification value (note column 
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ft lines 10-18; also note column 3, line 55 - applet software described; also note column 6, lines 70-71 - 
software routine implementation rule explained; also note column 4, line 50 - authentication request is 
received; also note column 4, lines 53-58 - user identification provided by the password management 
system). 

As for claim 15, wliich is dependent on claim 13, Nielsen teaches the system as 
set forth in claim 13 wherein said step of retrieving a password from a secure field value 
store which correlates to a computing context comprises retrieving a field value which is 
associated with an application program (note column 3, line 61 - software incorporated in a 

browser program; also note column 6, lines 70-71 - software routine implementation rule explained; also 
note column 3, lines 60-61 - the invention may be incorporated into a browser program; also note column 
6, lines 47-53 - the invention applies to many different embodiments; and note FIG. 2). 

As for claim 16, which is dependent on claim 13, Nielsen teaches the system as 
set forth in claim 13 wherein said step of retrieving a field value from a secure field 
value store which correlates to a computing context comprises retrieving a field value 
which is associated with a web site (note column 3, line 58 - HotJava software described; also 

note column 6, lines 70-71 - software routine implementation rule explained; also note column 3, lines 52- 
54 - the invention is applicable to a plurality of remote servers such as remote web sites; also note FIG. 
IB and FIG. 2). 

As for claim 17, which is dependent on claim 13, Nielsen teaches the system as 
set forth in claim 13 wherein said step of retrieving a field value from a secure field 
value store which correlates to a computing context comprises retrieving a field value 
which is associated with a web form (note column 3, line 58 - Java enhanced browser implements 
the feature; also note column 6, lines 70-71 - software routine implementation rule explained; also note 
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column 6, lines 47-53 - the invention applies to many different embodiments; also note column 5, line 2 - 
registration equates to a web form). 

As for claim 18, which is dependent on claim 13, Nielsen teaches the system as 
set forth in claim 13 wherein said step of automatically entering said retrieved field value 
Into said activated field comprises automatically entering a password value (note column 

8, lines 15-18; also note column 3, line 55 - applet software is capable of the functionality; also note 
column 6, lines 70-71 - software routine implementation rule explained; also note column 4, lines 3-8 - the 
password is automatically entered in the password field and sent to the remote site). 

As for claim 19, which is dependent on claim 13, Nielsen teaches the system as 
set forth in claim 13 where said field value store is a database (note column 8, lines 3-4 - 
database is claimed; also note column 4, lines 1-2 - invention maintains a database of passwords and 
user IDs as they are known to the remote sites). 

References Cited 

4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Nielsen (US Patent No. 6,006,333) teaches a password helper using a client-side 
master password that automatically presents the appropriate server-side password to a 
particular remote server. 

Sidles (US Pub. No. 2002/0062342) teaches a method for completing forms on 
wide area networks such as the Internet. 

Liu (US Patent No. 6,484,263) teaches a security profile for web browsers. 

Dent (US Pub. No. 2002/0066039) teaches anti-spoofing password protection. 
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Kelley et al. (US Patent No. 6.000,033) teaches password control via the web. 
Light et al. (US Patent No. 6,192,380) teaches automatic web based fomri fili-in. 

• US Patent No. 6,044,155 

• US Patent No. 5,935251 

• US Patent No. 6345549 

• US Patent No. 6412073 

• US Patent No. 6441834 

• US Publication No. 2002/0095673 

• US Publication No. 2003/0001013 

Conclusion 

5. THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded 
of the extension of time policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and 
any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date 
of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 
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Inquiries 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shahin Mizan whose telephone number is 571-272- 
0687 and whose fax number is 571-273-0687. The examiner can nomially be reached 
on M-F 8:30 a.m. - 5:00 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned Is 703-872-9306. 

Infomnation regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more infomnation about the PAIR system, see http://pair-dlrect.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Shahin Mizan 
Examiner 
Art Unit 2132 

GILBERTO BARRON ^^^^ 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



